Earlier this year Sony suffered major embarrassment and the wrath of its customers when the PlayStation Network got hacked. 77 million accounts were stolen, and Sony was forced to take its servers offline, do a system reset, and get everyone to select new passwords.

Eventually PSN came back online with Sony’s promise of new security to ensure such a major breach never happened again. Late yesterday, posting on the PlayStation.Blog, Sony Group’s chief information security officer Philip Reitinger admitted a further 93,000 PSN, Sony Entertainment Network, or Sony Online Entertainment accounts have just been breached. However, this time there seems to be a lot less damage.

Sony is still investigating what happened, but believes the sign-in ID and password combinations came from another company that keeps lists of such data. That raises the question: why do other companies have these lists?

After identifying the 93,000 breached accounts, Sony has locked them and is now contacting the owners via email. Apparently only a subset of those accounts has seen any activity since the breach, but to be extra cautious Sony is forcing a password reset for all of them. The company is also keen to point out that no credit card data has been accessed.

If your account is one of those affected, you’ll know by trying to log in. You should also be receiving an email shortly.

Even though this seems to be a minor data breach, it still throws the focus back on Sony and another issue regarding the security of its systems. While the breach may not have been Sony’s fault directly, why on earth is user ID and password data being held by third-party companies, as is suggested by Reitinger?